Index: includes/common.inc =================================================================== RCS file: /cvs/drupal/drupal/includes/common.inc,v retrieving revision 1.977 diff -u -p -r1.977 common.inc --- includes/common.inc 26 Aug 2009 15:00:17 -0000 1.977 +++ includes/common.inc 29 Aug 2009 05:24:28 -0000 @@ -229,6 +229,10 @@ function drupal_clear_path_cache() { function drupal_add_feed($url = NULL, $title = '') { $stored_feed_links = &drupal_static(__FUNCTION__, array()); + if (!user_access('access rss content')) { + return array(); + } + if (!is_null($url) && !isset($stored_feed_links[$url])) { $stored_feed_links[$url] = theme('feed_icon', $url, $title); Index: modules/aggregator/aggregator.test =================================================================== RCS file: /cvs/drupal/drupal/modules/aggregator/aggregator.test,v retrieving revision 1.31 diff -u -p -r1.31 aggregator.test --- modules/aggregator/aggregator.test 24 Aug 2009 17:11:42 -0000 1.31 +++ modules/aggregator/aggregator.test 29 Aug 2009 05:24:29 -0000 @@ -9,7 +9,7 @@ class AggregatorTestCase extends DrupalWebTestCase { function setUp() { parent::setUp('aggregator', 'aggregator_test'); - $web_user = $this->drupalCreateUser(array('administer news feeds', 'access news feeds', 'create article content')); + $web_user = $this->drupalCreateUser(array('administer news feeds', 'access news feeds', 'create article content', 'access rss content')); $this->drupalLogin($web_user); } Index: modules/blog/blog.module =================================================================== RCS file: /cvs/drupal/drupal/modules/blog/blog.module,v retrieving revision 1.334 diff -u -p -r1.334 blog.module --- modules/blog/blog.module 24 Aug 2009 00:14:19 -0000 1.334 +++ modules/blog/blog.module 29 Aug 2009 05:24:29 -0000 @@ -101,7 +101,7 @@ function blog_menu() { 'page callback' => 'blog_page_user', 'page arguments' => array(1), 'access callback' => 'blog_page_user_access', - 'access arguments' => array(1), + 'access arguments' => array(1, 'access content'), 'file' => 'blog.pages.inc', ); $items['blog/%user/feed'] = array( @@ -109,14 +109,14 @@ function blog_menu() { 'page callback' => 'blog_feed_user', 'page arguments' => array(1), 'access callback' => 'blog_page_user_access', - 'access arguments' => array(1), + 'access arguments' => array(1, 'access rss content'), 'type' => MENU_CALLBACK, 'file' => 'blog.pages.inc', ); $items['blog/feed'] = array( 'title' => 'Blogs', 'page callback' => 'blog_feed_last', - 'access arguments' => array('access content'), + 'access arguments' => array('access rss content'), 'type' => MENU_CALLBACK, 'file' => 'blog.pages.inc', ); @@ -127,11 +127,11 @@ function blog_menu() { /** * Access callback for user blog pages. */ -function blog_page_user_access($account) { +function blog_page_user_access($account, $permission) { // The visitor must be able to access the site's content. // For a blog to 'exist' the user must either be able to // create new blog entries, or it must have existing posts. - return $account->uid && user_access('access content') && (user_access('create blog content', $account) || _blog_post_exists($account)); + return $account->uid && user_access($permission) && (user_access('create blog content', $account) || _blog_post_exists($account)); } /** Index: modules/blog/blog.test =================================================================== RCS file: /cvs/drupal/drupal/modules/blog/blog.test,v retrieving revision 1.18 diff -u -p -r1.18 blog.test --- modules/blog/blog.test 22 Aug 2009 00:58:52 -0000 1.18 +++ modules/blog/blog.test 29 Aug 2009 05:24:29 -0000 @@ -21,8 +21,8 @@ class BlogTestCase extends DrupalWebTest parent::setUp('blog'); // Create users. $this->big_user = $this->drupalCreateUser(array('administer blocks')); - $this->own_user = $this->drupalCreateUser(array('create blog content', 'edit own blog content', 'delete own blog content')); - $this->any_user = $this->drupalCreateUser(array('create blog content', 'edit any blog content', 'delete any blog content', 'access administration pages')); + $this->own_user = $this->drupalCreateUser(array('create blog content', 'edit own blog content', 'delete own blog content', 'access rss content')); + $this->any_user = $this->drupalCreateUser(array('create blog content', 'edit any blog content', 'delete any blog content', 'access administration pages', 'access rss content')); } /** Index: modules/comment/comment.test =================================================================== RCS file: /cvs/drupal/drupal/modules/comment/comment.test,v retrieving revision 1.44 diff -u -p -r1.44 comment.test --- modules/comment/comment.test 21 Aug 2009 14:27:44 -0000 1.44 +++ modules/comment/comment.test 29 Aug 2009 05:24:30 -0000 @@ -10,7 +10,7 @@ class CommentHelperCase extends DrupalWe parent::setUp('comment', 'search'); // Create users. $this->admin_user = $this->drupalCreateUser(array('administer content types', 'administer comments', 'administer permissions', 'administer blocks')); - $this->web_user = $this->drupalCreateUser(array('access comments', 'post comments', 'create article content')); + $this->web_user = $this->drupalCreateUser(array('access comments', 'post comments', 'create article content', 'access rss content')); $this->drupalLogin($this->web_user); $this->node = $this->drupalCreateNode(array('type' => 'article', 'promote' => 1)); Index: modules/node/node.module =================================================================== RCS file: /cvs/drupal/drupal/modules/node/node.module,v retrieving revision 1.1113 diff -u -p -r1.1113 node.module --- modules/node/node.module 29 Aug 2009 04:16:14 -0000 1.1113 +++ modules/node/node.module 29 Aug 2009 05:24:31 -0000 @@ -1196,6 +1196,10 @@ function node_permission() { 'title' => t('Access content'), 'description' => t('View published content.'), ), + 'access rss content' => array( + 'title' => t('Access RSS content'), + 'description' => t('View published content through RSS.'), + ), 'bypass node access' => array( 'title' => t('Bypass node access'), 'description' => t('View, edit and delete all site content. Users with this permission will bypass any content-related access control. %warning', array('%warning' => t('Warning: Give to trusted roles only; this permission has security implications.'))), @@ -1618,7 +1622,7 @@ function node_menu() { $items['rss.xml'] = array( 'title' => 'RSS feed', 'page callback' => 'node_feed', - 'access arguments' => array('access content'), + 'access arguments' => array('access rss content'), 'type' => MENU_CALLBACK, ); // Reset internal static cache of _node_types_build, forces to rebuild the node type information. @@ -1794,6 +1798,10 @@ function node_block_view($delta = '') { function node_feed($nids = FALSE, $channel = array()) { global $base_url, $language; + if (!user_access('access rss content')) { + return drupal_not_found(); + } + if ($nids === FALSE) { $nids = db_select('node', 'n') ->fields('n', array('nid', 'created')) Index: modules/node/node.test =================================================================== RCS file: /cvs/drupal/drupal/modules/node/node.test,v retrieving revision 1.43 diff -u -p -r1.43 node.test --- modules/node/node.test 29 Aug 2009 04:16:15 -0000 1.43 +++ modules/node/node.test 29 Aug 2009 05:24:31 -0000 @@ -578,6 +578,7 @@ class NodeRSSContentTestCase extends Dru function setUp() { // Enable dummy module that implements hook_node_view. parent::setUp('node_test'); + $this->anonym = $this->drupalCreateUser(array('access rss content')); } /** @@ -585,6 +586,7 @@ class NodeRSSContentTestCase extends Dru * to an RSS feed. */ function testNodeRSSContent() { + $this->drupalLogin($this->anonym); // Create a node. $node = $this->drupalCreateNode(array('type' => 'article', 'promote' => 1)); Index: modules/system/system.admin.inc =================================================================== RCS file: /cvs/drupal/drupal/modules/system/system.admin.inc,v retrieving revision 1.197 diff -u -p -r1.197 system.admin.inc --- modules/system/system.admin.inc 26 Aug 2009 10:53:45 -0000 1.197 +++ modules/system/system.admin.inc 29 Aug 2009 05:24:32 -0000 @@ -1573,8 +1573,8 @@ function system_rss_feeds_settings() { '#type' => 'select', '#title' => t('Number of items in each feed'), '#default_value' => 10, - '#options' => drupal_map_assoc(array(1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 15, 20, 25, 30)), - '#description' => t('Default number of items to include in each feed.') + '#options' => drupal_map_assoc(array(0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 15, 20, 25, 30)), + '#description' => t('Default number of items to include in each feed. You can turn the RSS feed off on the !permission_page.', array('!permission_page' => l('permission page', "admin/user/permissions"))) ); $form['feed_item_length'] = array( '#type' => 'select', Index: modules/system/system.install =================================================================== RCS file: /cvs/drupal/drupal/modules/system/system.install,v retrieving revision 1.382 diff -u -p -r1.382 system.install --- modules/system/system.install 28 Aug 2009 19:44:05 -0000 1.382 +++ modules/system/system.install 29 Aug 2009 05:24:33 -0000 @@ -2459,6 +2459,18 @@ function system_update_7037() { } /** + * Add 'access rss content' permission to anonymous and authenticated roles. + */ +function system_update_7038() { + $ret = array(); + + $ret = update_sql("INSERT INTO {role_permission} (rid, permission) VALUES (". DRUPAL_ANONYMOUS_RID .", 'access rss content')"); + $ret = update_sql("INSERT INTO {role_permission} (rid, permission) VALUES (". DRUPAL_AUTHENTICATED_RID .", 'access rss content')"); + + return $ret; +} + +/** * @} End of "defgroup updates-6.x-to-7.x" * The next series of updates should start at 8000. */ Index: modules/taxonomy/taxonomy.module =================================================================== RCS file: /cvs/drupal/drupal/modules/taxonomy/taxonomy.module,v retrieving revision 1.507 diff -u -p -r1.507 taxonomy.module --- modules/taxonomy/taxonomy.module 27 Aug 2009 20:48:31 -0000 1.507 +++ modules/taxonomy/taxonomy.module 29 Aug 2009 05:24:34 -0000 @@ -239,7 +239,7 @@ function taxonomy_menu() { 'title arguments' => array(2), 'page callback' => 'taxonomy_term_feed', 'page arguments' => array(2), - 'access arguments' => array('access content'), + 'access arguments' => array('access rss content'), 'type' => MENU_CALLBACK, 'file' => 'taxonomy.feeds.inc', ); Index: profiles/default/default.install =================================================================== RCS file: /cvs/drupal/drupal/profiles/default/default.install,v retrieving revision 1.2 diff -u -p -r1.2 default.install --- profiles/default/default.install 27 Aug 2009 20:25:29 -0000 1.2 +++ profiles/default/default.install 29 Aug 2009 05:24:34 -0000 @@ -184,8 +184,8 @@ function default_install() { db_insert('taxonomy_vocabulary_node_type')->fields(array('vid' => $vid, 'type' => 'article'))->execute(); // Enable default permissions for system roles. - user_role_set_permissions(DRUPAL_ANONYMOUS_RID, array('access content')); - user_role_set_permissions(DRUPAL_AUTHENTICATED_RID, array('access content', 'access comments', 'post comments', 'post comments without approval')); + user_role_set_permissions(DRUPAL_ANONYMOUS_RID, array('access content', 'access rss content')); + user_role_set_permissions(DRUPAL_AUTHENTICATED_RID, array('access content', 'access rss content', 'access comments', 'post comments', 'post comments without approval')); // Create a default role for site administrators, with all available permissions assigned. Index: profiles/expert/expert.install =================================================================== RCS file: /cvs/drupal/drupal/profiles/expert/expert.install,v retrieving revision 1.2 diff -u -p -r1.2 expert.install --- profiles/expert/expert.install 27 Aug 2009 20:25:29 -0000 1.2 +++ profiles/expert/expert.install 29 Aug 2009 05:24:34 -0000 @@ -68,8 +68,8 @@ function expert_install() { $query->execute(); // Enable default permissions for system roles. - user_role_set_permissions(DRUPAL_ANONYMOUS_RID, array('access content')); - user_role_set_permissions(DRUPAL_AUTHENTICATED_RID, array('access content', 'access comments', 'post comments', 'post comments without approval')); + user_role_set_permissions(DRUPAL_ANONYMOUS_RID, array('access content', 'access rss content')); + user_role_set_permissions(DRUPAL_AUTHENTICATED_RID, array('access content', 'access rss content', 'access comments', 'post comments', 'post comments without approval')); }